My Research Lab

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent automated research assistant, but it needs review because it can keep running on a schedule, read memory and local configuration, and send or archive personalized outputs with limited consent controls.

Install only if you want a persistent scheduled research assistant. Before enabling it, confirm the exact schedules, push destinations, storage locations, memory fields used for personalization, and how to pause or delete automations and archives. Use scoped SMTP/webhook credentials and review generated memory/config/archive files regularly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Vague Triggers

Severity: Medium | Confidence: 88%
Finding
The trigger phrases are broad enough to match ordinary conversational requests such as asking for updates or analysis, which can cause the skill to activate unintentionally. In this skill, unintended invocation is more dangerous because activation can lead to memory access, web searches, scheduled task creation, persistence, and outbound notifications.

Missing User Warnings

Severity: Medium | Confidence: 95%
Finding
The skill declares access to sensitive capabilities including user memory, local files, scheduled tasks, SMTP credentials, webhooks, and network operations, but does not present a clear user-facing consent and risk notice at the point of use. Because the skill is designed to run persistently and push data externally, this omission increases the chance of privacy violations, unexpected automation, and unintended exfiltration of user-related information.

Missing User Warnings

Severity: Medium | Confidence: 94%
Finding
The skill explicitly states that AI may continue acting, completing work, and archiving results even if the user does not respond, but it does not pair that behavior with a strong warning or explicit consent flow. In context, autonomous background execution combined with persistence and outbound reporting can create silent data collection, unexpected system changes, and privacy exposure over time.

Missing User Warnings

Severity: Medium | Confidence: 95%
Finding
The workflow instructs the agent to silently inspect existing push integrations such as email, enterprise messaging, and other IM channels without first notifying the user or obtaining explicit consent. This creates a privacy and authorization risk because the agent may enumerate and reuse communication endpoints the user did not expect it to inspect during setup, increasing the chance of unintended disclosure or surprise access to connected systems.

Missing User Warnings

Severity: Medium | Confidence: 96%
Finding
The storage setup performs silent detection of available storage backends and may default to local filesystem storage, but the flow does not require an explicit, up-front warning before inspecting storage options or writing outputs locally. This is dangerous because research outputs may contain sensitive content, and automatic local persistence can violate user expectations about where data is stored and retained.

Missing User Warnings

Severity: Medium | Confidence: 97%
Finding
The skill directs a silent scan of local directories and user memory to discover other installed skills and profile-like 'master' configurations, including reading SKILL.md descriptions and auto-binding matches. This is a real privacy and scope-control issue because it causes the agent to inspect local files and memory-derived configuration without transparent notice, potentially exposing unrelated installed skills or inferred interests beyond what is needed for the current task.

Missing User Warnings

Severity: Medium | Confidence: 90%
Finding
The template directs the agent to automatically push generated content to all configured channels and archive full versions, but it does not require any user-facing disclosure, approval boundary, or data-minimization check before transmission/storage. In a research-lab skill that aggregates web content, user memory, and commentary, this can expose sensitive derived insights, preferences, or workspace-linked data to external channels or persistent storage without sufficiently informed consent.

Missing User Warnings

Severity: Medium | Confidence: 92%
Finding
The template repeatedly reads from and writes to user memory, including configuration, feedback rules, error logs, source-weight adjustments, coverage data, and rotation state, yet provides no explicit notice that persistent profile updates will occur. Because the skill is designed to 'self-evolve' over time, the lack of transparency and limits on memory persistence increases privacy risk and can create durable behavioral profiling beyond what a user may reasonably expect.

Missing User Warnings

Severity: Medium | Confidence: 95%
Finding
The workflow explicitly requires pushing user-related content to all configured channels and persisting a full version to long-term storage, but it does not require explicit user consent, notice, retention limits, or data minimization. Because the content is also enriched with user memory and personal relevance analysis, this can expose sensitive behavioral or professional information through unintended dissemination or over-retention.

Missing User Warnings

Severity: Medium | Confidence: 93%
Finding
The skill permits the AI to autonomously perform a head experiment, archive it, and later notify the user even when the user never replied. That creates a consent and transparency problem because the system may generate, infer, and store user-related analysis based on memory without an active user decision or immediate visibility.

Missing User Warnings

Severity: Medium | Confidence: 96%
Finding
This section authorizes the AI to execute project tasks automatically after capturing a preference, including potentially external or high-impact actions such as publishing content and running follow-up validation. A one-time preference is insufficient for materially consequential actions, especially when the skill also uses reminders, proactive execution, and user memory to continue operating without granular approval.

Ssd 3

Severity: Medium | Confidence: 90%
Finding
The skill instructs the agent to read user memory and tailor topic selection and output content based on inferred interests, which creates a semantic risk of disclosing personal context beyond what is necessary for the immediate task. This is especially risky here because the generated content may be archived or pushed through external channels, turning personalization into data leakage.

Ssd 3

Severity: Medium | Confidence: 93%
Finding
The skill repeatedly requires storing feedback history, action history, source weighting, rotation state, and other evolving user-linked data, while also reusing memory to shape future outputs. That persistent behavioral profiling increases the risk of over-collection and of sensitive user preferences or historical interactions being surfaced in reports, logs, or external pushes beyond the user's immediate intent.

Ssd 3

Severity: Medium | Confidence: 96%
Finding
The skill explicitly requires writing operational state and feedback-derived information into memory across runs, and says this step should still execute even if earlier steps fail. Persistent cross-run memory about user behavior and system state can accumulate sensitive profile data without clear consent, retention limits, or minimization, creating privacy and unauthorized profiling risks.

Ssd 3

Severity: Medium | Confidence: 98%
Finding
The weekly source-health report is directed to be silently recorded to memory, which means persistence occurs without a user-visible notice at the time of collection. Silent persistence is risky because it normalizes hidden state accumulation and can capture user interests, source preferences, and behavior patterns that affect future outputs without transparency.

Ssd 3

Severity: Medium | Confidence: 99%
Finding
This section mandates recording user feedback, analyzing it, generating rules from it, and writing those rules into memory for future runs. That creates persistent behavioral profiling and automated preference inference, which can be sensitive, difficult for users to audit, and prone to over-collection if the feedback contains personal or confidential information.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal